Packages changed: MicroOS-release (20250902 -> 20250903) SDL3 (3.2.20 -> 3.2.22) busybox-links container-selinux (2.240.0 -> 2.241.0) iso-codes (4.16.0 -> 4.18.0) mozilla-nss (3.113 -> 3.115.1) podman python-cryptography python-maturin (1.9.3 -> 1.9.4) qt6-declarative selinux-policy (20250812 -> 20250902) sof-firmware (2025.05 -> 2025.05.1) wireplumber (0.5.10 -> 0.5.11) zlib-ng-compat (2.2.4 -> 2.2.5) === Details === ==== MicroOS-release ==== Version update (20250902 -> 20250903) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== SDL3 ==== Version update (3.2.20 -> 3.2.22) - Update to release 3.2.22 * A bunch of changes for non-Linux platforms only ==== busybox-links ==== Subpackages: busybox-coreutils busybox-diffutils busybox-grep busybox-gzip busybox-hostname busybox-sed busybox-xz - Add busybox-ether-wake replacing downstream ether-wake from net-tools (boo#1249034). - Provide support for net-tools-dummy-ether-wake (bsc#1242048). ==== container-selinux ==== Version update (2.240.0 -> 2.241.0) - Update to version 2.241.0: * Allow domains that trans to container_runtime_t bpf:prog_run ==== iso-codes ==== Version update (4.16.0 -> 4.18.0) - Update to version 4.18.0: + Replace FSF postal address with their website + Rename Chinese translations. + Updated translations. - Changes from version 4.17.0: + Add letter 'g' to conversion script for Tatar + Regenerate cyrillic Tatar from latin Tatar + Update Romanian translation and remove most pre- and suffixes + Updated translations. ==== mozilla-nss ==== Version update (3.113 -> 3.115.1) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.115.1 * bmo#1982742 - restore support for finding certificates by decoded serial number. * bmo#1984165 - avoid CKR_BUFFER_TO_SMALL error in trust lookups. - update to NSS 3.115 * bmo#1970304 - CID 1648399 - Resource leak in shlibsign.c * bmo#1981034 - CKA_SEED needs to be marked as a private attribute * bmo#1981518 - Fix bad syntax on Windows in softoken_gtest.cc * bmo#1974505 - Key private/public/secret keys by key type in softoken keydb * bmo#1980990 - add PK11_HPKE_GetSharedSecret to abi-check expected report * bmo#1980429 - remove NetscapeStepUpMatchesServerAuth from mozpkix TrustDomain * bmo#1927351 - Fixup ABI * bmo#1927351 - add ECH_SECRET and ECH_CONFIG to SSLKEYLOG for both client and server * bmo#1900841 - ECH fuzz target * bmo#1965331 - Implement PKCS #11 v3.2 FIPS indicator and validation objects * bmo#1978677 - remove expired explicitly distrusted DigiNotar lookalike root * bmo#1965329 - Implement PKCS #11 v3.2 functions - update to NSS 3.114 * bmo#1977376 - NSS 3.114 source distribution should include NSPR 4.37 * bmo#1970079 - Prevent leaks during pkcs12 decoding * bmo#1953731 - Remove redundant assert in p7local.c * bmo#1974515 - Bump nssckbi version to 2.80 * bmo#1961848 - Remove expired Baltimore CyberTrust Root * bmo#1972391 - Add TrustAsia Dedicated Roots to NSS * bmo#1974511 - Add SwissSign 2022 Roots to NSS * bmo#1836559 - Add backwards compatibility for CK_PKCS5_PBKD2_PARAMS * bmo#1965328 - Implement PKCS #11 v3.2 trust objects in softoken * bmo#1965328 - Implement PKCS #11 v3.2 trust objects - nss proper * bmo#1974331 - remove dead code in ssl3con.c * bmo#1934867 - DTLS (excl DTLS1.3) Changing Holddown timer logic * bmo#1974299 - Bump nssckbi version to 2.79 * bmo#1967826 - remove unneccessary assertion * bmo#1948485 - Update mechanisms for Softoken PCT * bmo#1974299 - convert Chunghwa Telecom ePKI Root removal to a distrust after * bmo#1973925 - Ensure ssl_HaveRecvBufLock and friends respect opt.noLocks * bmo#1973930 - use -O2 for asan build * bmo#1973187 - Fix leaking locks when toggling SSL_NO_LOCKS * bmo#1973105 - remove out-of-function semicolon * bmo#1963009 - Extend pkcs8 fuzz target * bmo#1963008 - Extend pkcs7 fuzz target * bmo#1908763 - Remove unused assignment to pageno * bmo#1908762 - Remove unused assignment to nextChunk * bmo#1973490 - don't run commands as part of shell `local` declarations * bmo#1973490 - fix sanitizer setup * bmo#1973187 - don't silence ssl_gtests output when running with coverage * bmo#1967411 - Release docs and housekeeping * bmo#1972768 - migrate to new linux tester pool - rebase FIPS patches to adjust for upstream FIPS work ==== podman ==== - Do not recommend apparmor-parser and apparmor-abstractions: if the system is using apparmor, those packages will be present. If the system is selinux enabled, we don't want to recommend those packages just becuase we build support for apparmor into the package. ==== python-cryptography ==== - Add Make-unsafe-subinterpreter-support-available-via-cfg.patch to allow ceph-mgr to load modules (boo#1248987) ==== python-maturin ==== Version update (1.9.3 -> 1.9.4) - Update to 1.9.4 * downgrade manylinux version for riscv64 by @ffgan in #2709 * Fix calculation of platform tag for FreeBSD by @michael-o in #2711 * Add builtin sysconfigs for GraalPy by @msimacek in #2716 * Add use-base-python option to pyproject.toml by @SquidDev in #2717 * fix clippy warnings by @alex in #2724 * Fix Target::get_python_arch comment (#2712) by @michael-o in #2726 * Set PYO3_BUILD_EXTENSION_MODULE env var when building pyo3 extension modules by @alex in #2723 - regenerate vendor tarball to fix CVE-2025-58160 (bsc#1249011) ==== qt6-declarative ==== Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsPlatform6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlMeta6 libQt6QmlModels6 libQt6QmlNetwork6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 libQt6QuickVectorImage6 libQt6QuickWidgets6 qt6-declarative-imports - Disable LTO on armv6/7 as a workaround - boo#1249054 ==== selinux-policy ==== Version update (20250812 -> 20250902) Subpackages: selinux-policy-targeted - Update to version 20250902: * Label /usr/lib/systemd/systemd-ssh-issue with systemd_ssh_issue_exec_t * Allow stalld map sysfs files * Allow NetworkManager-dispatcher-winbind get pidfs attributes * Allow openvpn create and use generic netlink socket * policy_capabilities: remove estimated from released versions * policy_capabilities: add stub for userspace_initial_context * add netlink_xperm policy capability and nlmsg permission definitions * policy_capabilities: add ioctl_skip_cloexec * selinux-policy: add allow rule for tuned_ppd_t * selinux-policy: add allow rule for switcheroo_control_t * Label /run/audit with auditd_var_run_t * Allow virtqemud start a vm which uses nbdkit * Add nbdkit_signal() and nbdkit_signull() interfaces * Fix insights_client interfaces names * Add insights_core and insights_client interfaces * dist/targeted/modules.conf: enable slrnpull module * Allow bootupd delete symlinks in the /boot directory * Allow systemd-coredumpd capabilities in the user namespace * Allow openvswitch read virtqemud process state - Syncing with upstream rawhide selinux-policy up to: * 17956d28c011c35560e75a7293ac5924df57a1ee - Update embedded container-selinux version to commit: * 5997aa524734886d35e187f52de2546f25c9f500 (version 2.241.0) ==== sof-firmware ==== Version update (2025.05 -> 2025.05.1) - version update to 2025.05.1: * SOF v2.13.1 DSP topologies. ==== wireplumber ==== Version update (0.5.10 -> 0.5.11) Subpackages: libwireplumber-0_5-0 - Update to version 0.5.11: * Additions & Enhancements: - Added modem manager module for tracking voice call status and voice call device profile selection hooks to improve phone call audio routing on mobile devices (!722, !729, #819) - Added MPRIS media player pause functionality that automatically pauses media playback when the audio target (e.g. headphones) is removed (!699, #764) - Added support for human-readable names and localization of settings in wireplumber.conf with wpctl displaying localized setting descriptions (!712) - Improved default node selection logic to use both session and route priorities when nodes have equal session priorities (!720) - Increased USB device priority in the ALSA monitor (!719) * Fixes: - Fixed multiple Lua runtime issues including type confusion bugs, stack overflow prevention, and SPA POD array/choice builders (!723, !728) - Fixed proxy object lifecycle management by properly clearing the OWNED_BY_PROXY flag when proxies are destroyed to prevent dangling pointers (!732) - Fixed state-routes handling to prevent saving unavailable routes and eliminate race conditions during profile switching (!730, #762) - Fixed some memory leaks in the script tester and the settings iterator (!727, !726) - Fixed a potential crash caused by module-loopback destroying itself when the pipewire connection is closed (#812) - Fixed profile saving behavior in wpctl set-profile command (#808) - Fixed GObject introspection closure annotation ==== zlib-ng-compat ==== Version update (2.2.4 -> 2.2.5) - Update to 2.2.5: * RiscV: chunkset_rvv: fix SIGSEGV in CHUNKCOPY #1889 * MSVC: Disable optimizations for AVX512 GET_CHUNK_MAG causing inflate failure #1884 * Fix building with runtime CPU detection disabled (native) [#1931] * Also check for ZMM support when detecting VPCLMULQDQ support [#1932] * Revert "Clean up insert_match() in deflate_medium" due to performance regression #1938